Consulting

IANS consulting projects are led by members of the IANS Faculty - expert practitioners who engage with the key issues you face and who deliver actionable recommendations, research and data to help you get results.

Technical Consulting

Comprehensive Security Assessment

The IANS Comprehensive Security Assessment strengthens an organization’s overall information security program. Leveraging years of experience with a host of different environments, IANS can conduct a cooperative exercise reviewing each component of your environment, reporting the overall risk environment and recommendations that will increase the likelihood of withstanding, detecting, and responding appropriately to an attack.

During the assessment, we will aid your team in identifying core critical security programs and designing a maturity model for each program by:

  • Identifying critical areas of risk, as well as the systems and processes that are used in these areas
  • Performing a security review and assessment of architectural design and system configurations
  • Identifying architectural design weaknesses and vulnerabilities
  • Evaluating the IT architecture, security architecture, and security controls based on industry-standard security baselines
  • Providing recommendations for remediation and improvement of the overall security posture of the environment

A Comprehensive Security Assessment will begin with an initial security program maturity review to identify your current security maturity model. We will work with you to review each component of the environment, performing interviews with key business stakeholders as well as validation and testing, to evaluate the architectural design and controls that encompass the overall security posture.

Findings will be categorized into 12 areas of security, which are highly flexible and customized to the organization:

  • Policies and Procedures
  • Regulatory and Compliance
  • Network and Telecommunications Security
  • Application Security
  • Hardening Guidelines
  • External Presence
  • Incident Response
  • Monitoring and Detection
  • Third-Party Vendor Management
  • Wireless and Mobile Security
  • Education and Awareness
  • Physical Security

Using the assessment findings, IANS will create a detailed report that identifies the organization’s overall risk environment and outlines steps it can take in order to bolster the information security program. We will also assist in identifying the organization’s goals and produce clear and actionable deliverables to bridge the current maturity model to the future state in security.

Comprehensive Technical Assessment

The IANS Comprehensive Technical Assessment delivers a full examination of your organization’s defense environment. Using customized techniques and methodologies, IANS’ vulnerability scans and attack simulations determine the strength of your defenses. We search for attackers who have successfully bypassed existing detection methods, and test your response to outgoing data to see what your current systems can detect.

The Comprehensive Technical Assessment answers three crucial questions:

How can we be breached?
Penetration Testing: Have those who literally wrote the book on pen-testing perform this necessary and important initiative across all areas at your organization, including:

  • Network
  • Application
  • Wireless
  • Physical
  • Social Engineering

How well can we detect attacks?
Detection Point Assessment: Determine the effectiveness of client-side and network infrastructure to mitigate malicious activity inside the network and detect / prevent data exfiltration through the perimeter via:

  • Malware Placement
  • Clipping Levels
  • Internal Pivot

Are we already compromised?
Hunt Teaming: Track down attackers who have successfully flown under the radar and breached your environment, using proven methods such as:

  • URL Analysis
  • Session Analysis
  • Concurrent Login Analysis

After conducting a thorough investigation, IANS will deliver a detailed report and an action plan for your team to implement.

Penetration Testing

IANS Penetration Tests are led by members of our Faculty, each utilizing a variety of different approaches to uncover vulnerabilities and exploitable weaknesses in your environment.

By choosing a different Faculty Member to lead each of your organization’s penetration tests, you have the opportunity to test your security defenses against a constantly evolving skillset - and avoid the necessity of switching providers on a regular basis. Many industry-standard tools, such as SamuraiWTF and MobiSec, are projects created and run by IANS Faculty.

IANS conducts the following types of penetration tests, either separately or concurrently:

  • Network
  • Application (including web and mobile)
  • Social Engineering
  • Physical
  • Device

Testing is performed based on a number of standards and guidelines, including PCI-DSS, OWASP, ISO27001, NIST, and others. The approach consists of the following steps: reconnaissance (external only), mapping, discovery, and exploitation.

We use a number of open-source and commercially available tools throughout testing. Since each test performed produces different vulnerabilities and opportunities for exploitation, the specific tools utilized on every test are determined throughout the testing process. Commonly used tools include (but aren’t limited to):

  • SamuraiWTF
  • BeEF
  • Metasploit
  • Nessus
  • Nmap
  • DbVisualizer
  • Kali
  • Burp Suite Pro
  • Wireshark
  • Cain & Abel

Once the penetration test has been performed, IANS will deliver a detailed report that assesses both tactical findings (like patch levels) and strategic findings (such as flaws in business processes). Based on the results of the penetration test and taking into account the goals of each organization’s unique situation, we will also create a roadmap outlining recommendations and milestones for improvement in the future.

Detection Point Assessment

After conducting thousands of penetration tests, IANS experts recognized the need to go beyond this method to determine the effectiveness of client-side and network infrastructure controls.

To better test an organization’s ability to recognize and respond to attacks, IANS performs an assessment of an organization’s “detection points” - the levels at which an organization can effectively detect and respond to both malicious activity inside the network and data being exfiltrated through the perimeter.

A number of tools - such as IDS/IPS and log management - are good at detecting known server-side attacks, but very few can successfully detect client-side attacks, command-and-control (C2), or data exfiltration. Many organizations focus on keeping attackers out, but are less sensitive to detecting an attacker that has successfully compromised their network.

During a Detection Point Assessment, we place malware of various levels of obfuscation and complexity on a network host provided by the organization. This malware then attempts to communicate with a C2 server controlled by IANS. We then monitor the server and client to determine the level of interaction achieved by the malware and use this information to uncover weaknesses in current security control measures.

We leverage cutting-edge methodologies being used today in actual attacks. Therefore, we test many different methods in order to bypass both client-side controls and network filtering controls, including:

  • Tools already available on internal systems (to avoid detection)
  • Traditional malware-delivery mechanisms such as malicious executables or documents
  • Various encoding techniques that allow known malware to bypass execution restrictions
  • Advanced, custom-written exploits

Using the assessment findings, IANS will create a detailed report that includes a full breakdown of all command-and-control and AV/IDS/IPS bypass techniques which worked and did not work during the course of the assessment. We will also include a full breakdown of all methods used to escalate privileges and/or gain access to sensitive data.

Hunt Teaming

Despite their best efforts to create and maintain the most secure defense environment possible, many companies worry that their networks are not only vulnerable, but may already be compromised. Traditional detection methods are failing, and it is becoming clearer that attackers have a firm understanding of the detection methods deployed by many organizations.

Because technologies like AV, IDS and firewalls are known to attackers, it is trivial for them to bypass critical security defenses. IANS uses proven hunt teaming methods to track down attackers that have successfully flown under the radar and breached your environment, then delivers a detailed report with a full ELK VM that includes hunt teaming filters, reports, and analysis scripts.

URL Analysis
To uncover highly effective and targeted attacks, IANS reviews the top 1-2% of URLs (in terms of overall length) your company’s user workstations are visiting. Sophisticated attackers have been known to manipulate URLs in order to bypass URL filtering and monitoring software, a process that often leads to URLs which are highly obfuscated and long. This can be a warning sign pointing to abnormal traffic caused by attackers.

Session Analysis
IANS then reviews egress connection logs to identify IP addresses that have consistent connections over a 24-hour period. This analysis reveals persistent outbound connections and identifies attacker command-and-control (C2) compromises.

When a system is compromised and a backdoor is installed, the backdoor commonly has a persistent connection, or at least a “beacon” at regular intervals. This behavior is in stark contrast with standard system and user traffic, which typically utilizes short-lived connections. Using Session Analysis, we can identify and address abnormal traffic matching known C2 patterns.
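The Session Analysis idea above can be sketched as follows. This is an added example, not IANS code: the log layout, the addresses (documentation ranges) and the `min_hours` and `max_jitter` thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def build_sample_log():
    """Constructed egress log rows: (timestamp, src_ip, dst_ip)."""
    start = datetime(2024, 1, 1)
    rows = []
    # Constructed beacon: one host calling out every 5 minutes, all day.
    for i in range(288):
        rows.append((start + timedelta(minutes=5 * i), "10.0.0.21", "203.0.113.50"))
    # Constructed user traffic: short bursts in a few working hours.
    for hour in (9, 10, 13, 15):
        for sec in (0, 2, 9, 40, 41):
            rows.append((start + timedelta(hours=hour, seconds=sec),
                         "10.0.0.22", "198.51.100.7"))
    return rows

def session_analysis(rows, min_hours=20, max_jitter=0.1):
    """Flag (src, dst) pairs seen in at least min_hours distinct hours.

    regular_beacon is True when the spread of the gaps between connections
    is small relative to their mean (assumed cutoff: max_jitter).
    """
    seen = defaultdict(list)
    for ts, src, dst in rows:
        seen[(src, dst)].append(ts)
    findings = []
    for (src, dst), stamps in seen.items():
        stamps.sort()
        hours = {t.replace(minute=0, second=0, microsecond=0) for t in stamps}
        if len(hours) < min_hours or len(stamps) < 2:
            continue  # short-lived or sporadic traffic
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else 0.0
        findings.append({"src": src, "dst": dst,
                         "active_hours": len(hours),
                         "mean_interval_s": avg,
                         "regular_beacon": jitter <= max_jitter})
    return sorted(findings, key=lambda f: -f["active_hours"])

if __name__ == "__main__":
    for finding in session_analysis(build_sample_log()):
        print(finding)
```
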

Multiple Concurrent Login Analysis
A common tactic used by attackers is to leverage captured credentials to pivot to other internal resources. When such attackers pivot they usually utilize normal methods, such as SMB, SSH and RDP, to access other resources and sensitive data. This is troubling because many IDS, IPS and firewall technologies will not flag these activities as abnormal.

This activity can be detected, however, through analysis of concurrent logins. When users log on to a system, they usually access their local computer and a handful of resources, like file servers and printers. However, when attackers log onto a system, they tend to access dozens, if not hundreds, of resources. Our testing will determine any such abnormal behavior to help you understand who is on your network.
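One way to measure the login fan-out described above, as an added example that is not IANS code: the event layout, account and host names, the one-hour window and the threshold of 12 distinct hosts are all assumptions for illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

def build_sample_logins():
    """Constructed logon events: (timestamp, user, target_host, protocol)."""
    start = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    # Constructed normal user: own workstation, a file server and a printer.
    for i, host in enumerate(["ws-alice", "fs01", "print01", "fs01"]):
        events.append((start + timedelta(minutes=30 * i), "alice", host, "SMB"))
    # Constructed captured credential: 40 different hosts in under 20 minutes.
    for i in range(40):
        proto = "SMB" if i % 2 else "RDP"
        events.append((start + timedelta(seconds=30 * i),
                       "svc-backup", f"srv{i:03d}", proto))
    return events

def login_fan_out(events, window=timedelta(hours=1), threshold=12):
    """Return {user: peak distinct hosts in any window} for users at or
    above threshold. Uses a sliding time window per account."""
    per_user = defaultdict(list)
    for ts, user, host, _proto in sorted(events):
        per_user[user].append((ts, host))
    flagged = {}
    for user, logins in per_user.items():
        in_window, hosts, peak = deque(), Counter(), 0
        for ts, host in logins:
            in_window.append((ts, host))
            hosts[host] += 1
            # Drop logons that have aged out of the window.
            while ts - in_window[0][0] > window:
                _, old = in_window.popleft()
                hosts[old] -= 1
                if hosts[old] == 0:
                    del hosts[old]
            peak = max(peak, len(hosts))
        if peak >= threshold:
            flagged[user] = peak
    return flagged

if __name__ == "__main__":
    print(login_fan_out(build_sample_logins()))
```
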

Incident Response

No information security team ever wants to experience an incident, but if your environment is compromised, your approach to addressing and managing the aftermath of the incident is critical. The goal is to limit damage and reduce recovery time and costs. You need to understand exactly what went wrong in order to remediate vulnerabilities.

In the event of an incident, IANS will work with your organization to quickly investigate and produce forensically recovered pertinent information, detailed reports, and recommendations. You can tap into our experts when you need them, avoiding lengthy procurement cycles and delays.

The types of incidents that IANS investigates include, but are not limited to:

  • Unauthorized account use
  • Unauthorized use of system privileges
  • Excessive account lockout
  • Malicious code
  • Website alterations
  • DDoS attacks or network scans

The Incident Response project will begin with a preliminary assessment. IANS will evaluate the severity and damage potential of the incident and, depending on the circumstances, recommend that you solve the problem internally with our help or engage in a long-term response project with an external firm such as Mandiant.

If the preliminary assessment concludes that the incident can be handled by IANS and your team, the investigation will begin by collecting as much information as possible, with the aim of identifying and preserving the evidence that will be needed to understand what has occurred. IANS will then meticulously analyze the data and identify the “who, what, when, and how” of the incident. We will examine all information gathered and parse it down to determine what’s truly important and needed to draw a conclusion.

Once we have fully investigated and analyzed the incident, we will provide you with a detailed report, including appropriate Chain of Custody documentation for systems, images, or data acquired during this engagement and recommendations for the proper security configuration and operations of the systems or environment being examined. We will also prepare reports or forensic evidence for the appropriate law enforcement or investigating government agency at your request.


Organizational Consulting

CISO Impact consulting provides the CISO - and the entire information security team - with the insight and tools needed to drive information security into the operational and strategic fabric of the organization.

Diagnostic 360

The CISO Impact Diagnostic 360 utilizes the Diagnostic tool to collect responses from multiple groups or team members. This can include members of your information security team, or a wider range of respondents such as executive leadership and/or other key stakeholders. The data gathered during Diagnostic 360 will help you:

  • Identify and address current challenges from multiple business perspectives.
  • Gain a deeper understanding of how information security’s value and impact on the organization is perceived by relevant stakeholders.
  • Uncover areas of weakness that may have been missed in a narrower assessment.

Custom Workshops

Custom CISO Impact Workshops support the assessment of your information security organization’s current management capabilities and gaps by highlighting strengths, weaknesses, challenges, and opportunities within the context of the CISO Impact diagnostic dataset. Using your Diagnostic results as the baseline, custom CISO Impact Workshops will guide you and your team in:

  • Examining your current performance in one or more of the 7 Factors of CISO Impact.
  • Assessing and prioritizing how to address gaps discovered by your Diagnostic results.
  • Creating custom-tailored action plans for improvement.

Action Roadmap Planning

The CISO Impact Action Roadmap Planning service utilizes a combination of your Diagnostic data, interviews with key stakeholders, and Factor-specific analysis of your information security team’s strengths and gaps to build a milestone-based roadmap of executable actions. During the project, you will:

  • Map the shortcomings discovered in the Diagnostic and conduct working sessions with key stakeholders to develop an approach towards improvement.
  • Use the Diagnostic results and analysis to dig deeper and develop action plans that are directly relevant to your team’s challenges.
  • From the action plans, create a roadmap and set of milestones that can be measured and reassessed over time.

Portfolio Assessment

A CISO Impact Portfolio Assessment provides corporate information security teams that operate within an environment characterized by multiple entities, mergers, and a broad portfolio of businesses with an enterprise view into the capabilities of their information security teams. The Portfolio Assessment will provide you with the ability to:

  • Assess the performance of your portfolio against your own expectations, industry standards, or the universe of IANS CISO Impact data.
  • Discover strengths and weaknesses across a level playing field of measurement/metrics.
  • Segment your portfolio into relevant industry groups and compare them to each other, within segment groups, or to a relevant subset of the IANS data set.

Coaching

CISO Impact Coaching partners you with an IANS Faculty Member for executive-level 1:1 assistance. The IANS coach will provide you with assistance and advice on strategic and leadership issues. CISO Impact Coaching will support you in:

  • Communicating with key business stakeholders in your organization, such as other C-level executives and the Board.
  • Preparing for presentations or personnel discussions.
  • Developing approaches to gaps identified by the Diagnostic.
